Hi Alessio,
in our setup the user authenticates in the Web Application which is managed
through 'passport'. He receives an oAuth2 token when authentication was
successful.
We would like to use that same token for Geoserver as well. In order to do that
I assume we would have to verify that authenticity of that token somehow. Is
that what you mean by creating a small custom extension? Is there a guide as to
which steps need to be taken for this?
Lastly, how would I assign certain permissions for example layer level
restrictions for a user authenticated through oAuth2?
Kind regards,
Max
________________________________
Von: alessio.fabi...@gmail.com <alessio.fabi...@gmail.com> im Auftrag von
Alessio Fabiani <alessio.fabi...@geo-solutions.it>
Gesendet: Donnerstag, 12. Januar 2017 13:56:17
An: Max Stephan
Cc: geoserver-users@lists.sourceforge.net
Betreff: Re: [Geoserver-users] Securing access to OWS. Possible through oAuth 2?
Hi Max,
oauth2 can allow you to do this since in the end it relies on generated
access_tokens which are more or less similar to the fixed keys of the authkey
module.
The difference is that setting up the oauth2 is much more complex, but it also
gives you more security and reliability (as an instance the access_tokens are
generated and are associated to expiring sessions instead of being permanent as
for the authkey module).
The problem is that actually you need an oauth2 service provider of course. If
you want to implement your custom oauth2 service provider, then you might need
to create also a small custom extension of the GeoServer plugin.
Best Regards,
Alessio Fabiani.
==
GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani
@alfa7691
Founder/Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 331 6233686
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i
file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo
è consentito esclusivamente al destinatario del messaggio, per le finalità
indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne
il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di
procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro
sistema. Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse,
costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for the
attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act (Legislative
Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in
accord with its purpose, any disclosure, reproduction, copying, distribution,
or either dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the intended
recipient, please contact immediately the sender by telephone, fax or e-mail
and delete the information in this message that has been received in error. The
sender does not give any warranty or accept liability as the content, accuracy
or completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.
---------------------------------------------------------------------
On Thu, Jan 12, 2017 at 2:02 PM, Max Stephan
<m...@maxstephan.com<mailto:m...@maxstephan.com>> wrote:
Hi,
we need to secure resources within our Geoserver on a layer or service level.
Is it possible to achieve this using the oAuth2 community module? If yes, how
would I go about doing this?
I want to do this in an automated way, i.e. I wouldn't want the user to first
sign in to Geoserver to then be able to use the respective services or layers
in the web application.
If oAuth2 is not possible what other ways exist to achieve this?
I see the Key authentication module for example
(http://docs.geoserver.org/stable/en/user/community/authkey/index.html) but not
sure if that would provide the right level of security.
Kind regards and thanks in advance,
Max Stephan
Key authentication module — GeoServer 2.10.x User
Manual<http://docs.geoserver.org/stable/en/user/community/authkey/index.html>
docs.geoserver.org<http://docs.geoserver.org>
Key authentication module¶ The authkey module for GeoServer allows for a very
simple authentication protocol designed for OGC clients that cannot handle any
kind of ...
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net<mailto:Geoserver-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/geoserver-users
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
